2241 matches found
CVE-2020-27923
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may le...
CVE-2020-27919
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution...
CVE-2020-9955
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution...
AZL-44580 CVE-2021-20291 affecting package buildah for versions less than 1.41.4-2
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...
Debian: Security Advisory (DLA-2612-1)
The remote host is missing an update for the Debian...
Debian DLA-2612-1 : leptonlib security update
Several issues have been found by ClusterFuzz in leptonlib, an image processing library. All issues are related to heap-based buffer over-read in several functions or a denial of service (application crash) with crafted data. For Debian 9 stretch, these problems have been fixed in version...
Accusoft ImageGear Out-of-Bounds Writing Vulnerability
Accusoft ImageGear is a software development kit (SDK) for image processing from Accusoft, U.S. An out-of-bounds write vulnerability exists in Accusoft ImageGear, which could be exploited by an attacker to potentially cause memory corruption via a malformed file prepared...
JasPer Code Issue Vulnerability
JasPer is a C-based tool for image processing from the individual developer Michael Adams. The software supports the JPEG-2000 format as defined in ISO/IEC 15444-1 and is primarily used for image encoding and processing. JasPer suffers from a code issue vulnerability that can be exploited by an...
Pillow Buffer Overflow Vulnerability (CNVD-2021-54033)
Pillow is a Python-based image processing library. A buffer overflow vulnerability exists in versions of Pillow prior to 8.1.1, which stems from the presence of a negative offset memcpy with an invalid size in TiffDecode.c. No details of the vulnerability are currently available...
Fedora: Security Advisory for python-pillow (FEDORA-2021-9016a9b7bd)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: python-pillow-8.1.2-1.fc34
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...
PT-2021-4567 · Pillow +9
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 8.2.0 Description: An issue was discovered in the FliDecode component of the Pillow image processing library, related to incorrect checking of non-zero block advance for FLI data. This could potentially lead to an...
[SECURITY] Fedora 33 Update: python-pillow-7.2.0-5.fc33
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...
[SECURITY] Fedora 32 Update: python-pillow-7.0.0-7.fc32
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...
[SECURITY] Fedora 32 Update: python2-pillow-6.2.2-5.fc32
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. This is a minimal compatibility package for https://pagure.io/fesco/issue/2266...
Pillow has an unspecified vulnerability (CNVD-2021-54034)
Pillow is a Python-based image processing library. Pillow version 8.1.1 previously contained a security vulnerability that could be exploited by attackers to conduct regular expression DoS (ReDoS) attacks via crafted PDF files...
Leptonica Heap Buffer Overflow Vulnerability
Leptonica is an open source library containing software widely used in image processing and image analysis applications. A heap buffer overflow vulnerability exists in pixFewColorsOctcubeQuantMixed in colorquant1.c in versions of Leptonica prior to 1.80.0. No detailed vulnerability details are...
Leptonica heap buffer overflow vulnerability (CNVD-2021-19746)
Leptonica is an open source library containing software widely used in image processing and image analysis applications. A heap buffer overflow vulnerability exists in pixReadFromTiffStream in tiffio.c in versions of Leptonica prior to 1.80.0. No detailed vulnerability details are provided at thi...
Leptonica heap buffer overflow vulnerability (CNVD-2021-19745)
Leptonica is an open source library containing software widely used in image processing and image analysis applications. A heap buffer overflow vulnerability exists in findNextBorderPixel in ccbord.c in versions of Leptonica prior to 1.80.0. No details of the vulnerability are provided at this ti...
A vulnerability in the OpenJPEG library for image encoding and decoding, related to a missing division-by-zero check, allows attackers to cause a denial of service.
A vulnerability in the OpenJPEG library for image encoding and decoding is related to division by zero. Exploiting this vulnerability allows a remote attacker to cause a denial of service...